LUARM: An Audit Engine for Insider Misuse Detection


G. Magklaras, S. Furnell, M. Papadaki
Copyright: © 2011 | Volume: 3 | Issue: 3 | Pages: 13
ISSN: 1941-6210 | EISSN: 1941-6229 | EISBN13: 9781613506479 | DOI: 10.4018/jdcf.2011070103

MLA

Magklaras, G., et al. "LUARM: An Audit Engine for Insider Misuse Detection." IJDCF vol.3, no.3 2011: pp.37-49. http://doi.org/10.4018/jdcf.2011070103

APA

Magklaras, G., Furnell, S., & Papadaki, M. (2011). LUARM: An Audit Engine for Insider Misuse Detection. International Journal of Digital Crime and Forensics (IJDCF), 3(3), 37-49. http://doi.org/10.4018/jdcf.2011070103

Chicago

Magklaras, G., S. Furnell, and M. Papadaki. "LUARM: An Audit Engine for Insider Misuse Detection," International Journal of Digital Crime and Forensics (IJDCF) 3, no.3: 37-49. http://doi.org/10.4018/jdcf.2011070103


Abstract

Logging User Actions in Relational Mode (LUARM) is an open source audit engine for Linux. It provides a near real-time snapshot of user action data such as file access, program execution and network endpoint user activities, all organized in easily searchable relational tables. LUARM attempts to solve two fundamental problems of the insider IT misuse domain. The first concerns the lack of insider misuse case data repositories that could be used by post-case forensic examiners to aid an incident investigation. The second problem relates to how information security researchers can enhance their ability to accurately specify insider threats at system level. This paper presents LUARM's design perspectives and a 'post mortem' case study of an insider IT misuse incident. The results show that the prototype audit engine has good potential to provide valuable insight into the way insider IT misuse incidents manifest on IT systems and can be a valuable complement to the work of forensic investigators of IT misuse incidents.
